As computers become more deeply ingrained in the operations of everyday life, the need for securing information processed thereby becomes increasingly important. This need for secrecy applies to many types of information including corporate, governmental and personal information. Encryption of such information is accordingly useful; however, even encryption systems are not entirely secure. Thus, any techniques for improving the integrity of encryption systems are desirable.
A common data encryption technique is the Data Encryption Standard ("DES") which has been adopted by the National Bureau of Standards of the United States government. Although DES provides relatively secure and inexpensive cryptographic processing of data, certain management aspects of DES-based equipment suffer from problems. Specifically, techniques for managing encryption keys for DES-based encryption equipment are problematic.
The DES encryption method is based upon a secret master key. When this master key is used by two parties, they may successfully encrypt and decrypt each other's information. However, problems arise in connection with distributing a new master key to communicating parties. One prior distribution method comprised giving a new master key to an entrusted person who manually entered the new master key into each cryptographic device. Unfortunately, if either the cryptographic devices are remotely situated or if there are many cryptographic devices, then manually entering master keys into each is very cumbersome and time consuming. Further, there are risks associated with disclosure of the master keys to personnel. Another method of distributing keys comprises transmission thereof via insecure communications links directly to the cryptographic devices. Such unsecured key distribution is obviously unacceptable.
An alternate data encryption technique comprises public key cryptography. According to this technique, users can exchange encrypted information without initially exchanging a common secret master key. Specifically, each user has both an individual public key ("K.sub.p ") and an individual private (i.e. secret) key ("K.sub.s "). The public key is obtainable from a common database of every user and their respective public key (the database is typically maintained on a central computing system that is designated a "key manager"). Private keys are conventionally entered into the local system by the user through manual entry or insertion of a removable data card with the private key stored thereon.
During operation of a public key cryptography system, a sending user will first select a receiving user that a message will be sent to. The sending user then looks up the receiving user's public key by remotely accessing the key manager, encrypts the message using the selected user's public key and sends the message. The receiving user may then use his secret private key to decrypt the message. It should be noted that public key cryptography techniques use "one-way" functions such that a sending user cannot use a receiving user's public key to decipher the corresponding private key. Public key systems are old and well known in the art, for example, as described in "A Method for Obtaining Digital Signatures and Public Key Cryptography," by Rivest et al., Comm. ACM, Vol. 21, No. 2 (February 1978), hereby incorporated by reference herein in its entirety. Specifically, a Rivest, Shamir and Adelman ("RSA") public key encryption system is described therein.
Public key cryptography systems are typically slower than DES systems such that they are not usable in many data processing applications. As a solution, it has been suggested that a public key system be used on a short-term basis to distribute keys for a more conventional DES-type system that is used in long-term data processing (see Rivest et al. incorporated by reference hereinabove). However, problems remain in the area of key management for public key systems.
Specifically, as discussed above, a private key is desirably maintained securely for each user. However, this introduces the same security problems as discussed above with respect to DES, namely, how to secure the private key. As one solution, plug in cards containing read only memories ("ROMs") with the private key stored thereon have been suggested, however these may be decoded, lost or stolen. Again, unsecured transmission of private keys is equally unacceptable. Thus, a more secure technique for establishing private keys is desirable.
The present invention is directed toward solutions for the above noted problems.